Skip to content

Commit 55d1fab

Browse files
authored
Upgrade project keeper and dependencies (#56)
1 parent 508e8e3 commit 55d1fab

34 files changed

Lines changed: 1671 additions & 876 deletions

.gitattributes

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,4 +7,6 @@ doc/changes/changelog.md linguist-generated=true
77
.github/workflows/broken_links_checker.yml linguist-generated=true
88
.github/workflows/project-keeper.sh linguist-generated=true
99
.github/workflows/project-keeper-verify.yml linguist-generated=true
10-
SECURITY.md linguist-generated=true
10+
.github/workflows/lint-github-actions.yml linguist-generated=true
11+
.github/zizmor.yml linguist-generated=true
12+
SECURITY.md linguist-generated=true

.github/workflows/broken_links_checker.yml

Lines changed: 5 additions & 4 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.github/workflows/ci-build.yml

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -16,17 +16,20 @@ jobs:
1616
DEFAULT_TARGET: 'test:node'
1717
steps:
1818
- uses: actions/checkout@v6
19+
with:
20+
fetch-depth: 0
21+
persist-credentials: false
1922
- uses: actions/setup-node@v6
2023
with:
2124
node-version: '24'
2225
cache: 'npm'
23-
- run: npm ci
26+
- run: npm ci --ignore-scripts
2427
- run: npm run ${{ matrix.target }}
2528
- name: Run audit
2629
if: ${{ matrix.target == env.DEFAULT_TARGET }}
2730
run: npm run audit
2831
- name: SonarCloud Scan
29-
uses: SonarSource/sonarqube-scan-action@v7
32+
uses: SonarSource/sonarqube-scan-action@59db25f34e16620e48ab4bb9e4a5dce155cb5432 # v8.0.0
3033
if: ${{ matrix.target == env.DEFAULT_TARGET }}
3134
env:
3235
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/lint-github-actions.yml

Lines changed: 34 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.github/workflows/oft-trace.sh

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,12 @@
1+
#!/bin/bash
2+
3+
set -o errexit
4+
set -o nounset
5+
6+
script_path="$( cd "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
7+
8+
root_dir="$script_path/../.."
9+
10+
pushd "$root_dir" > /dev/null
11+
pwd
12+
exec "$script_path/oftw.sh" trace

.github/workflows/oftw.sh

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
#!/bin/sh
2+
3+
set -o errexit
4+
set -o nounset
5+
6+
readonly version="4.4.0"
7+
readonly default_local_repo="${HOME}/.m2/repository"
8+
9+
if [ -d "$default_local_repo" ]; then
10+
local_repo="$default_local_repo"
11+
else
12+
echo "Default local Maven repository not found at $default_local_repo. Attempting to determine it from Maven settings..."
13+
local_repo=$(mvn help:evaluate -Dexpression=settings.localRepository -q -DforceStdout)
14+
fi
15+
readonly local_repo
16+
readonly jar_file="$local_repo/org/itsallcode/openfasttrace/openfasttrace/$version/openfasttrace-$version.jar"
17+
18+
if [ ! -f "$jar_file" ]; then
19+
echo "JAR file $jar_file not found in local Maven repository. Downloading it..."
20+
mvn --batch-mode org.apache.maven.plugins:maven-dependency-plugin:3.10.0:get \
21+
-Dartifact=org.itsallcode.openfasttrace:openfasttrace:"$version" \
22+
-Dtransitive=false
23+
fi
24+
25+
exec java -jar "$jar_file" "$@"

.github/workflows/pr.yml

Lines changed: 30 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -14,15 +14,18 @@ jobs:
1414
DEFAULT_TARGET: 'test:node'
1515
steps:
1616
- uses: actions/checkout@v6
17+
with:
18+
fetch-depth: 0
19+
persist-credentials: false
1720
- uses: actions/setup-node@v6
1821
with:
1922
node-version: '24'
2023
cache: 'npm'
21-
- run: npm ci
24+
- run: npm ci --ignore-scripts
2225
- run: npm run ${{ matrix.target }}
2326
- name: SonarCloud Scan
24-
uses: SonarSource/sonarqube-scan-action@v7
25-
if: ${{ matrix.target == env.DEFAULT_TARGET }}
27+
uses: SonarSource/sonarqube-scan-action@59db25f34e16620e48ab4bb9e4a5dce155cb5432 # v8.0.0
28+
if: ${{ matrix.target == env.DEFAULT_TARGET && env.SONAR_TOKEN != null }}
2629
env:
2730
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
2831
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
@@ -40,21 +43,42 @@ jobs:
4043
name: Node ${{ matrix.node }} integration test
4144
steps:
4245
- uses: actions/checkout@v6
46+
with:
47+
persist-credentials: false
4348
- name: Setup node ${{ matrix.node }}
4449
uses: actions/setup-node@v6
4550
with:
4651
node-version: ${{ matrix.node }}
4752
cache: 'npm'
48-
- run: npm ci
53+
- run: npm ci --ignore-scripts
4954
- name: Run audit
5055
if: ${{ matrix.node == env.DEFAULT_NODE_VERSION }}
5156
run: npm run audit
5257
- run: npm run itest:dom
5358

54-
build:
59+
trace-requirements:
5560
runs-on: ubuntu-latest
5661
permissions:
5762
contents: read
58-
needs: [distributed-tasks, integration-test-node]
63+
strategy:
64+
fail-fast: false
65+
name: Trace requirements
66+
steps:
67+
- uses: actions/checkout@v6
68+
with:
69+
persist-credentials: false
70+
- name: Cache OFT JARs
71+
uses: actions/cache@v5
72+
with:
73+
path: ~/.m2/repository/
74+
key: oft-${{ hashFiles('.github/workflows/oftw.sh') }}
75+
restore-keys: oft
76+
- run: ./.github/workflows/oft-trace.sh
77+
78+
build:
79+
runs-on: ubuntu-slim
80+
permissions:
81+
contents: read
82+
needs: [distributed-tasks, integration-test-node, trace-requirements]
5983
steps:
6084
- run: echo "All checks passed, build successful!"

.github/workflows/project-keeper-verify.yml

Lines changed: 5 additions & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.github/workflows/project-keeper.sh

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.github/workflows/release.yml

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -13,11 +13,13 @@ jobs:
1313
target: ['lint:ci', 'test:dom', 'test:node', 'itest:dom', 'itest:node']
1414
steps:
1515
- uses: actions/checkout@v6
16+
with:
17+
persist-credentials: false
1618
- uses: actions/setup-node@v6
1719
with:
1820
node-version: '24'
1921
cache: 'npm'
20-
- run: npm ci
22+
- run: npm ci --ignore-scripts
2123
- run: npm run ${{ matrix.target }}
2224

2325
release:
@@ -29,12 +31,14 @@ jobs:
2931
contents: read
3032
steps:
3133
- uses: actions/checkout@v6
34+
with:
35+
persist-credentials: false
3236
- uses: actions/setup-node@v6
3337
with:
3438
node-version: '24'
3539
cache: 'npm'
3640
registry-url: 'https://registry.npmjs.org'
37-
- run: npm ci
41+
- run: npm ci --ignore-scripts
3842
- run: npm run audit
3943
- run: npm run build
4044
- run: npm pack

0 commit comments

Comments
 (0)